CVE-2014-0488

Severity
6.8 MEDIUM
EPSS
0.2%
top 57.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 3
Latest update: May 13

Description

APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (3 packages)

Debian: apt < 1.0.9+3
Ubuntu: apt < 1.0.1ubuntu2.3
NVD: debian/advanced_package_tool 1.0.3, 1.0.7+1

Patches

🔴 Vulnerability Details (4)

GHSA
GHSA-877r-5chx-6473: APT before 1 (2022-05-13)
CVEList
CVE-2014-0488: APT before 1 (2014-11-03)
OSV
CVE-2014-0488: APT before 1 (2014-11-03)
OSV
apt vulnerabilities (2014-09-16)

📋 Vendor Advisories (2)

Ubuntu
APT vulnerabilities (2014-09-16)
Debian
CVE-2014-0488: apt - APT before 1.0.9 does not "invalidate repository data" when moving from an unaut... (2014)

💬 Community (2)

Bugzilla
CVE-2014-0490 CVE-2014-0487 CVE-2014-0488 CVE-2014-0489 apt: multiple issues [fedora-all] (2014-09-18)
Bugzilla
CVE-2014-0488 CVE-2014-0487 CVE-2014-0489 CVE-2014-0490 apt: multiple issues (2014-09-18)